📱 Instant messaging clients. Choose wisely what you use to communicate.

A visualization by @niboe under CC BY SA license.

Please share ❤️

@satur @niboe for Signal, server bar must be orange. What they run on their servers now is not published. Last update of their repo was 9 months ago, AFAIK.

@IzzyOnDroid @satur @niboe

That's false. The server code was last updated a few days ago. It's not like there is actually anything complicated to do to just transfer encrypted blobs to the right person. Most of the validation is done client-side.

The signal-server repo is not the only one that is used. SecureValueRecovery and ContactDiscoveryService are used and up to date.

Given that it's all AGPLv3 and that they don't seem to have a CLA, it would be illegal for them to do what you claim.

@dreeg @satur @niboe Source for my claim: kuketz-blog.de/signal-server-s I know Mike personally. He's a renowned security expert and does not make "empty claims".

Checking, I see nothing has changed: last commit 4/2020. This Github repo is their official repo, it nowhere states "delayed mirror, see original there" – and it's the only place linked directly from their homepage.

So it's not "false" what I wrote. As you give no sources for "the other repos", it's for you to prove your counter-claim :wink:

@IzzyOnDroid @satur @niboe

> Checking, I see nothing has changed: last commit 4/2020

Indeed, I misread the date

But the securevaluerecovery repo was updated 19 days ago. They use it for that: signal.org/blog/secure-value-r

The privatecontactdiscovery repo used for signal.org/blog/private-contac was last updated at the end of 2020

With the SGX enclaves, you can attest remotely that they are running the correct code.

@dreeg @IzzyOnDroid @satur @niboe ow, that is extremely interesting ! How can you check that ? That's something that I always thought would be nice to have, to not have to trust the server!

@silmathoron @IzzyOnDroid @satur @niboe

I don't exactly know how to do it myself but my understanding is that the client app does it automatically. The best idea is to look up how SGX enclaves work and the code related to secure value recovery and private contact discovery in the App itself.

@IzzyOnDroid @satur @niboe

Your source just says "look, the repo hasn't been updated in a while". But if you look at the history of the repo, it has had very few updates in its whole history. After all it's just a dumb forwarding service that doesn't do any kind of long term storage of messages, doesn't handle search or anything. The last updates are about updating the version of the dependency zkgroups (which they write), which handles the v2 of groups.

@IzzyOnDroid @satur @niboe

Since the v2 of groups has been released, there are now not many reasons to need to update the server side. All recent features added to the app were 100% client side.

Your claim is completely baseless.

All the repos:

github.com/signalapp/zkgroup

github.com/signalapp/SecureVal

github.com/signalapp/ContactDi

@dreeg @satur @niboe So you're saying there are no updates in the only publicly accessible place because no updates have been made to the software? That would make sense then, if confirmed. Though I'm not 100% convinced 😉

@IzzyOnDroid @dreeg @niboe maybe I am wrong, but my position is I don't trust Elon Musk, therefore I avoid :signal:

@satur @IzzyOnDroid @niboe

Many people recommended Signal way before Elon Musk talked about it. I have been using it for years. Snowden has been recommending it for much longer.

Signal was already being hyped as an alternative to WhatsApp before Elon jumped on the train. He just followed the trend (and took a lot of people with him), but he did not create it.

@satur @niboe @dreeg @IzzyOnDroid There are copious good reasons to avoid #Signal: github.com/privacytoolsIO/priv Freeness of server code on a closed network where the central controller doesn't assert in their disclosures a guarantee that they even run the public code is useless anyway.

@koherecoWatchdog @satur @niboe @dreeg And now the standard howling: "But Snowden recommends it!" – Edward also repeatedly said and wrote (using my own words here as I don't remember the exact phrasing): "Don't trust blindly. Rather ensure that no trust is needed." Which exactly fits here: transparency would ensure you've got to trust no one. As it stands now, you've got to trust multiple parties.

And (just crossed), as you wrote: he even revised his "endorsement". But still uses Signal.

@IzzyOnDroid @dreeg @niboe @satur I personally put no stock in Snowden's endorsements. He himself uses MS Windows IIRC. His audience is normies & his goal is to get masses of novices on a less surveilled path so usability for novices plays into his advice. Even though I generally scrap specific tool recommendations from Snowden, we have to pay attention b/c so many ppl take his endorsements like gold.

@satur @niboe @dreeg @IzzyOnDroid OTOH, Snowden's philosophical quotes are quite good, like the one you mention.

@IzzyOnDroid @dreeg @niboe @satur My favorite quotes from Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." "Under observation, we act less free, which means we effectively are less free."

@koherecoWatchdog
It's nice his story makes privacy invading tools more difficult to exploit. Thanks to Snowden, WhatsApp is encrypted, and it doesn't scrape your messages for Facebook advertising.
@IzzyOnDroid @dreeg @satur

@frank87 I wouldn't be too sure about the FB part. After all, WA by default stores its backups unencrypted at GDrive. I'd not be much surprised if their E2E is rather an E2F2E. Has there ever been an audit of the entire WA platform confirming the security model and the thing being really E2E, no backdoors on their server or anywhere else, or "other surprises"?

@IzzyOnDroid @dreeg @niboe @satur People often point out that Snowden uses Signal himself, but his threat model and needs are wildly different from the general public. He must reach a wide audience which includes ppl not competent with anything harder to use. If he were to use Wire the metadata would threaten his correspondents who would become linked to him.. but eg. using Wire w/in a family doesn't carry that risk.

@koherecoWatchdog @IzzyOnDroid @dreeg @satur surely based on his own threat model Snowden would be best off using something like Session? Everything goes through an onion router, no accounts, not even usernames. If metadata is a huge deal in his threat model Session is better than Signal which uses phone numbers as usernames.

@koherecoWatchdog
Always remember your threat model...
There is too much "this tool is better cause it uses encryption" going around.
@IzzyOnDroid @dreeg @satur

@koherecoWatchdog @satur @niboe @dreeg @IzzyOnDroid Also, any tool that uses your actual mobile phone number as a username is inherently insecure!

@dheadshot @koherecoWatchdog @satur @niboe @IzzyOnDroid

Why? Signal allows you to protect your phone number with a password to avoid having someone else register it if you are still using it.

@dreeg @IzzyOnDroid @niboe @satur @dheadshot there are countless compromises and attack vectors that can result from exposure of a mobile number. Duplicate registration is not one of them, password protected or not, because username is a primary key.

@dheadshot @satur @niboe @IzzyOnDroid @dreeg but note that it may be possible for someone to impersonate you if you have a mobile phone that's not registered w/Signal. E.g. someone gets brief access to your phone, they sign up for Signal using your phone, vacate your phone, then use those creds on their phone.

@koherecoWatchdog @dheadshot @satur @niboe @IzzyOnDroid

Username squatting can be an issue with any messenger. The example you gave is outside of the scope of what Signal can do, usernames are not proof of identity, only cryptographic fingerprints are. Even if you assume that the phone number you are talking to belongs to the right person, you should still verify the security codes to be sure that the conversation is private.

@dreeg @IzzyOnDroid @niboe @satur @dheadshot indeed, cautious expert users wouldn't be fooled by impersonation. In reality, it can be quite difficult to force the other party to do a fingerprint verification. I sent half my fingerprint out-of-band to a correspondent & half of her FP. I told her to send me the other halves. She lied to me and said "verified" without sending me the other halves. She ducked & dodged the process.

@dheadshot @satur @niboe @IzzyOnDroid @dreeg Ultimately I could not verify her. Signal is worse yet, b/c novice users are even less inclined to verify
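The half-and-half fingerprint exchange described in the post above, as an added example that is not part of the thread or of any messenger's code: the initiator sends the first halves out-of-band and accepts only a reply carrying the matching second halves, so a bare "verified" is rejected. The `fingerprint` function is a constructed stand-in (SHA-256 hex of random key bytes), not Signal's safety-number format, and the out-of-band channel is assumed to be authentic.

```python
import hashlib
import hmac
import secrets


def fingerprint(public_key: bytes) -> str:
    # Constructed stand-in for the fingerprint a client displays
    # (SHA-256 hex of the key bytes); not Signal's safety-number format.
    return hashlib.sha256(public_key).hexdigest()


def halves(fp: str) -> tuple[str, str]:
    mid = len(fp) // 2
    return fp[:mid], fp[mid:]


def same(a: object, b: str) -> bool:
    # Constant-time comparison; anything that is not a string fails.
    return isinstance(a, str) and hmac.compare_digest(a.encode(), b.encode())


class Device:
    """What one user's client shows: own fingerprint and the peer's as seen locally."""

    def __init__(self, own_key: bytes, peer_key_as_seen: bytes):
        self.own_fp = fingerprint(own_key)
        self.peer_fp = fingerprint(peer_key_as_seen)

    def challenge(self) -> dict:
        # Initiator: send only the FIRST half of each fingerprint out-of-band.
        return {"initiator_first": halves(self.own_fp)[0],
                "responder_first": halves(self.peer_fp)[0]}

    def respond(self, challenge: dict):
        # Responder: check the received halves against the local screen,
        # then return the SECOND halves. None means "mismatch, stop".
        if not same(challenge.get("initiator_first"), halves(self.peer_fp)[0]):
            return None
        if not same(challenge.get("responder_first"), halves(self.own_fp)[0]):
            return None
        return {"initiator_second": halves(self.peer_fp)[1],
                "responder_second": halves(self.own_fp)[1]}

    def accept(self, reply) -> bool:
        # Initiator: a reply without the second halves proves nothing.
        if not isinstance(reply, dict):
            return False
        return (same(reply.get("initiator_second"), halves(self.own_fp)[1])
                and same(reply.get("responder_second"), halves(self.peer_fp)[1]))


def scenarios() -> dict:
    # Constructed keys: two users plus a third key that a relay in the
    # middle has substituted on both sides.
    alice_key, bob_key, relay_key = (secrets.token_bytes(32) for _ in range(3))
    alice, bob = Device(alice_key, bob_key), Device(bob_key, alice_key)
    alice_sub, bob_sub = Device(alice_key, relay_key), Device(bob_key, relay_key)
    # Responder who skips the check and just reads the second halves off the screen.
    unchecked = {"initiator_second": halves(bob_sub.peer_fp)[1],
                 "responder_second": halves(bob_sub.own_fp)[1]}
    return {
        "honest_exchange_accepted": alice.accept(bob.respond(alice.challenge())),
        "bare_verified_accepted": alice.accept("verified"),
        "responder_detects_substitution": bob_sub.respond(alice_sub.challenge()) is None,
        "unchecked_reply_accepted": alice_sub.accept(unchecked),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```
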

@dreeg @IzzyOnDroid @niboe @satur @dheadshot in any case, the idea that having a p/w somehow prevents dupe registration is flawed. It only adds risk to have a mobile number for a username. One of many risks is that it can be used for password recovery by an adversary

@dheadshot @satur @niboe @IzzyOnDroid @dreeg also, username squatting is more of a threat when the username is a phone number. Novice users are more likely to distrust an impersonator if it's a freely chosen word, vs. a phone number.

@koherecoWatchdog @dheadshot @satur @niboe @IzzyOnDroid

Why?

In the example you gave, you need access to someone's SMS to be able to register an account with their phone number. If Signal used usernames, you wouldn't even need to access the person's SMS to impersonate them.

@koherecoWatchdog @dheadshot @satur @niboe @IzzyOnDroid

I do agree that the use of phone numbers makes Signal unusable to communicate with people without giving them your identity, but this doesn't make the app "insecure". It's simply a use case that was out of scope originally.

@dreeg
Yes it does, by definition. There are 3 components to security: confidentiality, integrity, & availability. Anonymity falls under confidentiality (specifically confidentiality of identity).

@dreeg
"you need access to someone's SMS to be able to register an account with their phone number." <= you answered your own question. This is exactly why impersonation is more successful w/ph#s. Novice users assume that their correspondent's phone is in their possession at all times.

@koherecoWatchdog @dheadshot @satur @niboe @IzzyOnDroid

The failure is on you, I've been able to verify tons of non tech savvy friends with the QR codes

@dreeg
You're confused. It's not a tech limitation; it's psychology. Calling someone a "failure" b/c they lacked the power to force someone else to do something is perversely idiotic.

In the case at hand, the other party was actually someone who worked for me. Even with some power over them, they are ultimately in control of their own actions. It took arm-twisting just to get an agreement to use e2ee. My choice was: fire her or not, but either way she was not doing the fingerprint chk.

@dreeg
#Briar for example doesn't give the possibility of linking to unverified accts.

Also, apps that don't need a mobile# allow users to freely type a username, so it's inherently obvious to even the most novice of users that verification is needed. Whereas with mobile#s the normies are like "meh, it's their phone# how could it be someone else?" They just trust it blindly.

@dreeg
#Briar for example doesn't give the possibility of talking to unverified accts.

Also, apps that don't need a mobile# allow users to freely type a username, so it's inherently obvious to even the most novice of users that verification is needed. Whereas with mobile#s the normies are like "meh, it's their phone# how could it be someone else?" They just trust it blindly.

@koherecoWatchdog

> #Briar for example doesn't give the possibility of talking to unverified accts.

Ping me when you get a non tech-savvy person to talk to you via Briar, or olvid, or any other app that does that.

@dreeg That's irrelevant. You asked how all e2ee IM tools don't have the same problem. #Briar is an existing tool that proves the point.

I also don't see how Briar requires an advanced user, not that it's relevant to the point. You might say one of the two parties needs to be advanced enough to handle the setup, but day-to-day operation is easier.

@koherecoWatchdog

You said you couldn't get someone to authenticate, so Briar would be a better option. But if someone won't authenticate with Signal, they won't either with Briar, and they'll just stay on a non-E2EE messaging app, which is arguably worse.

@koherecoWatchdog

You're just accusing Signal of being useless because it doesn't address a specific point that it was never designed to address.

This doesn't render the whole app useless.

@koherecoWatchdog
I do this myself. Setting up signal with a throwaway SIM card, verifying with a VoIP number I've created instead of the one tied to the IMEI of the SIM and then throwing away the SIM card and using signal strictly over Wi-Fi.

Now my IMSI never pops up on the network, and if I must, I can run Signal communications through another phone's enabled Wi-Fi hotspot for more remote located or while in transit on the road.

I do this as a standard operating procedure because Signal is insecure with respect to exposing one's DID.

Signal really does suck when compared to Matrix or Keybase and a few others.

@niboe @IzzyOnDroid @dreeg @dheadshot @satur
@tallship
@tallship

@vger
If you stop using the number, your provider will reallocate it within 6 months, so someone else can still access your account later.
@satur @koherecoWatchdog @dreeg @IzzyOnDroid @tallship@misskey.de @tallship@pleroma.cloud @niboe

@dheadshot

I don't verify with the IMEI of the SIM card - I verify the DID of the VoIP number, which costs me about $5/yr.

This only becomes a problem if I insert the SIM in another phone and try to install Signal. I've done this a couple of times, but each time I also used the same VoIP DID and subsequently lost the ability to use Signal on the previous phone.

But I was retiring the old phone anyway.

@satur @tallship @niboe @koherecoWatchdog @dreeg @IzzyOnDroid @tallship

@vger @niboe @tallship@pleroma.cloud @tallship@misskey.de @IzzyOnDroid @dreeg @dheadshot @satur I thought the verification needed to be an SMS (which would not work over VOIP). Did that change? Or did I have that wrong all along?

@koherecoWatchdog


Yes, absolutely, you can send/receive both SMS and MMS messages over VoIP....

But it depends on your provider. I provide these services, most retail providers probably still do not for vanilla VoIP service, but I specifically enable it for most of my customers.

There are indeed many services/apps/etc., that will fail when you try to verify via SMS when the #DID is a VoIP number - Signal is not one of those, and really, why should it be?

I simply have ALWAYS refused to use a service where I cannot verify via SMS using one of my #VoIP numbers, and will continue to maintain this policy.

There was a time, not even 6 or 7 years ago, where cellular numbers were not acceptable phone numbers to use when setting up services, even then I was able to use VoIP numbers to set up almost all of those services and verify over #SMS with those DIDs, where cellular numbers wouldn't work.

Just in the past decade, the swing away from #POTS lines (PSTN) has been really swift, and yes, many services will not let you use your so-called "land-line" numbers (which are overwhelmingly VoIP now - they just don't support SMS/MMS).

<NOTE:>

Your #PSTN phone line (in the US) is 48V DC / 90V AC @20Hz (tip and ring) on a completely separate grid than your home electricity. This is basic to national security, where a cellular radio is not, which is why when say, there's an earthquake or power outage, your landline will still work if the telephone poles are still standing, and your cellular phone will not.

Further, your broadband over fiber Internet connection will often continue to work even when the lights go out in your house, but to be certain, satellite services such as Starlink may be a better bet, since you can't just dial up via v.42BIS anymore lolz

</NOTE:>

I get my DIDs channelize that on a wholesale basis, so they cost me next to nothing, but I don't play games either and round robin them like email spammers do with DEAs. My customers are actual customers (Not miscreants), individual consumers or legit businesses. Many of my regular consumers are basically folks like owners of Pine or Librem phones (I live in an area where there's a lot of paranoid folk... rightfully so),

So without getting too mired in details, certain pools of DIDs, typically based on their NANP rate centers are flagged in databases as VoIP numbers. This means that some verification schema and bots will fail you during the SMS verification process. You may have experienced this if you're using say, a Google Voice number, and the service you're signing up for says to use a real cellular number or something like that.

I said I wouldn't get too deep on this particular subject so suffice it to say that considering there's a lag of time, you buy a cheap SIM card for like 5 bucks, as an example, and then port that DID to become a VoIP number, and whatever service that was that denied your Google Voice number or other VoIP number will work just fine. I do this type of LNP port occasionally, for people who wish to move to VoIP for convenience and keep their landline or cellular phone number they've had for years - the one that all their family and friends have already.

Before getting to the crux of the discussion though, someone did mention in this thread about the horrific onboarding experience that many people observe with Matrix....

I do concur, and agree that it needs to be much more seamless and simple for the masses. But we're talking about RIOT/Element here as the client, right?

There's many other Matrix clients, some obviously much more complicated, like plugins for Weechat (not a big deal for anyone comfortable with IRC).

People don't even generally associate any other client except for Element with Matrix, and that's really bad advocacy, marketing, ambassadorship, or something along that kind of thinking. Suffice it to say that Element really needs to have the onboarding become (to use a very antiquated term) USER FRIENDLY.

What I recommend to many folks is SchildiChat - cross platform (Android/Linux/Mac/Windows). It has a very nice and familiar look and feel to it, so people coming from other IM platforms can hit the ground running :)

https://schildi.chat/android/

Okay.... Signal:

I have great respect for Moxie Marlinspike, as well as some disdain - he wouldn't give the nod of approval for #FOSS'ing the Signal client, as I understand it, but you can clone some of the forks of the Signal service from GitHub still, IIRC.

So sure, anyone can start a Signal network service just like Signal itself (It's FOSS), but it's a centralized service (not federating), so only the people registered with your service can communicate via Signal protocol with each other - and see above.... what are you going to do for a client?

I admire his response to #NSLs - Sure, here's the three pieces of data on that user - IP they signed up with and time stamp. IP they last connected from/to with timestamp. That's basically it I think.

But there's more that's not being disclosed here. First, by default, Signal wants to connect over your cellular network... Uh OH!!!!

That means that your IMSI has now been exposed - if they have your IP and timestamp, they now know exactly WHO YOU ARE coz they know which phone you're using, regardless of your IMEI, which can be changed anytime you swap out your chip.

Signal, for some fucked up reason, also wants to farm your contact database, so when your friends sign up for signal it alerts you that they have - that's not good!

Even people that you don't like, and only have in your contact list so that you know not to answer when they call....

"Asshole #1 - do not answer"
"Ex-girlfriend #7 - do not answer"
"Bill Collector #3 do not answer"
"I fired this turdburglar - do not answer"

Whatev, you get the idea :) That's a lot more metadata than is purported when Moxie talks about how private Signal is.

In that scenario, ANYONE who has your phone number in their contact database that installs signal will know you're on it too....

So let's look at that for a minute. Let's say you're on a database, listed by your phone number. A government or any kind of business - maybe a bill collector, or even worse, a dangerous, violent, stalker ex-boyfriend.

The minute you install signal and verify your cellular phone number BANG!!! you pop up on that government watchlist because they've got signal installed and you're in their contact database/watchlist. Even when you change your phone number or swap out your SIM card for a new IMEI, because you still can't shake your IMSI coz it's tied to your particular Android handset - unless it's a Librem 5, coz you can just swap out the radio (that's where the IMSI is embedded).

Now, I need to say this (Should have said this at the very beginning of this post) - YES, you can SMS verify your VoIP number in Signal - when you install, it will by default pull your cellular DID that is associated with your SIM card - but you can change it right then and there!

What I do not know (because I honestly haven't tried) is whether you can install Signal and verify with your VoIP DID if say, you're doing so on a Pine Phone or Librem 5 with the transceiver turned off (or on a typical Android with the SIM card removed).

Perhaps someone could check that, I'm not going to bother, since Signal isn't a service I recommend, and honestly I only use it for people that already have my (VoIP) number lolz.

People like to bash (no pun intended) #Email more and more nowadays, but for anything but an Android app, and even then most of the time, you actually NEED a valid email address in order to complete verifications of one sort or another. If you're a slave to Google then you also need at the very least a #DEA (disposable email address, most get them from Google, because it's a google account that you need to register) to be able to install those apps - unless you use the Aurora Store or F-Droid.

Using the Google Play Store results in the ownership of many aspects of your very life by Google and others.

Registering with Banking, US Government services, and generally speaking, any #KYC verification also requires an email address.

Two things I would like to see:

1.) People using #gpg Keys corresponding to their email addresses (at least sign your emails, there are other, better services for ensuring #e2e encrypted communications).

2.) Use KeyOxide

I guess the point being is that, and it's true, generally speaking, neither your phone number, email address, or even an #SSL cert (TLS) will verify the identity of either you, or the other end point that you're communicating with. #TLS only attempts to ensure that your connection is encrypted - fine. Phone numbers and email addresses can still be spoofed/hijacked/etc.

Earlier in this thread there was discussion about verifying keys, and that person was lamenting the fact that most folks using signal are just oblivious as to the significance of doing so - I suggest we do our collective best to educate everyone we communicate with on these matters, it's not enough that we're comfortable in doing so, we really need to be advocates, no.... ambassadors, for all of the other average schmoes out there in securing and taking back ownership of their private data.

Your thoughts?



@vger @niboe @tallship @IzzyOnDroid @dreeg @dheadshot @satur
@yarmo
@tallship@pleroma.cloud @niboe @vger @tallship@misskey.de @IzzyOnDroid @dreeg @dheadshot @yarmo @satur My VOIP svc excludes SMS & this means I don't get online access to some financial accts. You can get a pinger number & hope it's not blacklisted, or (as you say) perhaps a DID that somehow collects & forwards SMSs. I have no doubt there are ways around Moxie's restrictions. The problem is: I wouldn't use #Signal to talk to myself. The normie at the other end won't go through hoops.

@satur @yarmo @dheadshot @dreeg @IzzyOnDroid @tallship@misskey.de @vger @niboe @tallship@pleroma.cloud I can circumvent Signal’s restrictions for myself, but for what? If I push my normie friends & family onto #Signal, I'm pushing them into many instances of surveillance (well documented here → github.com/privacytoolsIO/priv) #Snikket avoids all those surveillance pitfalls that encumber Signal.

@satur Matrix, XMPP and Telegram leak metadata. So I would like to go for Signal.

@orionholmes @satur

They likely leak metadata too. Phone numbers are merely hashed (crackable) and Signal is now hosting in Google servers (PRISM).

@jcast @satur it doesn't matter that Signal is using Google servers 'coz everything on Signal is E2EE and the server has zero (0) knowledge about who is talking to whom and which message is going to whom.

@orionholmes @satur

It's possible to get metadata given enough time. This has been shown to be possible by breaking the hash on the phone numbers.

Also the public server repository of Signal server is not updated for months so the Signal server is really no longer open source.

So PRISM can likely find out who is in touch with who.
